Overview

URLatt-101700.square.site/
IP 199.34.228.39 (United States)
ASN#27647 WEEBLY
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-28 17:02:57 UTC
StatusLoading report..
IDS alerts0
Blocklist alert20
urlquery alerts No alerts detected
Tags None

Domain Summary (14)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-28 05:46:10 UTC 34.117.237.239
ocsp.entrust.net (1) 1208 2014-01-10 02:18:45 UTC 2020-04-24 21:44:37 UTC 104.110.10.32
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.203.75.56
ocsp.globalsign.com (2) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.21.226
ec.editmysite.com (4) 12806 2018-09-03 10:26:45 UTC 2020-04-22 02:18:25 UTC 34.214.185.169
sentry.io (1) 2743 2016-08-31 05:38:44 UTC 2022-11-28 05:32:29 UTC 35.188.42.15
att-101700.square.site (11) 0 2022-11-28 16:57:06 UTC 2022-11-28 16:57:06 UTC 199.34.228.39 Domain (square.site) ranked at: 22579
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-28 05:55:58 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
rum.browser-intake-datadoghq.com (2) 11420 No data No data 3.233.153.110
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.39

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.
2022-11-28 2 att-101700.square.site/ AT&T Inc.

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-28 2 att-101700.square.site/ Phishing
2022-11-28 2 att-101700.square.site/ Phishing
2022-11-28 2 att-101700.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getSq (...) Phishing
2022-11-28 2 att-101700.square.site/uploads/b/760c4ac0-6e8c-11ed-97ee-11fd02598509/icon_ (...) Phishing
2022-11-28 2 att-101700.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[ABTestSegmentat (...) Phishing
2022-11-28 2 att-101700.square.site/app/website/cms/api/v1/users/144000660/customers/coo (...) Phishing
2022-11-28 2 att-101700.square.site/square.ico Phishing
2022-11-28 2 att-101700.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getCu (...) Phishing
2022-11-28 2 att-101700.square.site/ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::hasCo (...) Phishing
2022-11-28 2 att-101700.square.site/app/website/square.ico Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 199.34.228.39
Date UQ / IDS / BL URL IP
2023-01-31 16:43:46 +0000 0 - 0 - 10 att-103193-101421.square.site/ 199.34.228.39
2023-01-31 15:27:50 +0000 0 - 0 - 20 my-business-108400-103568.square.site/ 199.34.228.39
2023-01-28 06:27:18 +0000 0 - 0 - 22 upgrademailviews.square.site/ 199.34.228.39
2023-01-27 19:53:53 +0000 0 - 0 - 3 mailbyatt.square.site/ 199.34.228.39
2023-01-27 18:59:33 +0000 0 - 0 - 5 attnetuserm105761-108779.square.site/ 199.34.228.39


Last 5 reports on ASN: WEEBLY
Date UQ / IDS / BL URL IP
2023-01-31 20:35:56 +0000 0 - 0 - 2 att-101047.weeblysite.com/ 199.34.228.97
2023-01-31 19:54:57 +0000 0 - 0 - 2 yahoo-106591.weeblysite.com/ 199.34.228.97
2023-01-31 18:35:11 +0000 0 - 0 - 2 att-mail-101778.weeblysite.com/ 199.34.228.96
2023-01-31 17:49:45 +0000 0 - 0 - 3 att-108957-101153.weeblysite.com/ 199.34.228.96
2023-01-31 17:47:50 +0000 0 - 0 - 2 yahoo-105831.weeblysite.com/ 199.34.228.96


Last 5 reports on domain: square.site
Date UQ / IDS / BL URL IP
2023-01-31 16:43:46 +0000 0 - 0 - 10 att-103193-101421.square.site/ 199.34.228.39
2023-01-31 16:01:30 +0000 0 - 0 - 12 loginscreeninc.square.site/ 199.34.228.40
2023-01-31 15:49:30 +0000 0 - 0 - 20 attnet-101605.square.site/ 199.34.228.40
2023-01-31 15:45:29 +0000 0 - 0 - 22 uzzcol.square.site/ 199.34.228.40
2023-01-31 15:42:26 +0000 0 - 0 - 20 my-business-105154-109092.square.site/ 199.34.228.40


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-19 23:23:56 +0000 0 - 0 - 22 att-104662.square.site/ 199.34.228.39
2022-11-19 14:57:37 +0000 0 - 0 - 22 att-104662.square.site/ 199.34.228.40
2022-09-16 18:54:21 +0000 0 - 0 - 16 nby1um.webwave.dev/ 185.30.124.158
2022-09-11 12:14:18 +0000 0 - 0 - 10 ozxl0q.webwave.dev/ 185.73.228.142
2022-11-28 16:57:42 +0000 0 - 0 - 20 att-104331.square.site/ 199.34.228.40

JavaScript

Executed Scripts (33)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (43)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7340
Expires: Mon, 28 Nov 2022 19:05:06 GMT
Date: Mon, 28 Nov 2022 17:02:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 516
Cache-Control: max-age=149831
Date: Mon, 28 Nov 2022 17:02:46 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 10:39:57 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         199.34.228.39
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Mon, 28 Nov 2022 17:02:46 GMT
Location: https://att-101700.square.site
Set-Cookie: publishedsite-xsrf=eyJpdiI6IkpEaXRUMHRZVmpWOHZlallKNDJcLzZnPT0iLCJ2YWx1ZSI6ImVqSnNCS1BcL1NJQW5OeERMSHI5aTFWcmNSK2NJbTB3Ync4UWhXdUNXbjQxeXdKNkVzdENmWStWelFEQTNqVzRjNG03ckhQNW95ZWxIN2huYjhjQ1lRa2hCZlhLdXN1eVNsUm9oMlFHXC9uc0dZODIybzNMOXEwNWlMSmF0ektzdUkiLCJtYWMiOiIzYjIzZGFmMTlmMmEyNjk4ZGNiZjA3OGU2MDc1ZTkzZjNhZDQwMDIxNWVhNDM1ZjQwODY2YzVkN2Q5NjFmZDBlIn0%3D; expires=Mon, 12-Dec-2022 17:02:46 GMT; Max-Age=1209600; path=/ XSRF-TOKEN=eyJpdiI6Ik5Pb2dNd1JvMGhUTk9sV2l4bjNiT1E9PSIsInZhbHVlIjoiZlM2d01UdklJZ3B6MDYreVN5T2dnaG1YMWE4Q1wvVk1JeCsxNjRUMmdwd2p0d0pJemlcLzZaMjFCM2JtbEk3UDFhbXBZRFFUTjdrR0xXdHdcL3puXC9xSjI2TjJOdTNISFZFYTZDZGZBZXFNUmpEOEZnUW14TGxiaEhyaGpBNWkrd2VNIiwibWFjIjoiNjI3ZmExZjFiYjMzZDkzMTU5YzMyNGYyNmQzMDRiODA5MTBjNTcyOGM3NjdiZDIzY2QyOTMwNjUyMzNkMmNjOSJ9; expires=Mon, 12-Dec-2022 17:02:46 GMT; Max-Age=1209600; path=/ PublishedSiteSession=eyJpdiI6IkhIbWt2elFUVmFJcjF4VWIreDB6a1E9PSIsInZhbHVlIjoiYWRlXC9JbXVLaE1sQ3BIMFlLNjJiQXdRbUxRdjVXTU1RZnliVGZuMWxtd2ZxNDAzczROK0ZZTWx1OXZUN1p3T3g1WjFibVR1aTdKOVVHd3V2TWJHdEpGZWhIb1BpcEZxWkF4S080RnVOdjVHVzFNM3p0Z0hEM29OdGZFQnM2NGxaIiwibWFjIjoiNjMwOGQ3ZTYzYzk5ZGFlMDIyYTg3YzdkYzc3NGI3ZjFjNWJiNmQ5ZjFmM2FjMmY2MDc4ZmFiOWU0YTJkMTljNiJ9; expires=Mon, 12-Dec-2022 17:02:46 GMT; Max-Age=1209600; path=/; httponly
X-Host: blu69.sf2p.intern.weebly.net
X-Revision: aba69181966a1a9229b2f5527bc29ef4864d9bed
X-Request-ID: aba8615275ba72b9fc0571e8db4c46d0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   366
Md5:    d95be0d93fbb1aa9013942e93dac11cf
Sha1:   3c48d17d80d2907aa5e89516268fafbb0710838d
Sha256: 582c2e4cf46071751df626cdd627c07c73861439831810fea4eb39fb3c6d4dcf

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 16:19:32 GMT
cache-control: public,max-age=3600
age: 2594
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9471
Expires: Mon, 28 Nov 2022 19:40:37 GMT
Date: Mon, 28 Nov 2022 17:02:46 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: +Ibv618H1K300mITWSDNIv8imUZ9FWAqYKaNEpfdSwfJpfaDKBXWCivuYqdXurDj48SOjUSF1/4=
x-amz-request-id: SYMM9PP8ND86BSC1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 16:45:06 GMT
age: 1060
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 28 Nov 2022 17:02:46 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "6B6EC03E0EE29280CD0EE564ED30403A1152352CCC4314BB0689AA59BE40D8D5"
Last-Modified: Mon, 28 Nov 2022 10:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3333
Expires: Mon, 28 Nov 2022 17:58:19 GMT
Date: Mon, 28 Nov 2022 17:02:46 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    e6ab66388a89251f30b095988a6ff20f
Sha1:   e2a2d6ad7da3dec0f09d009a0a84f855aa15892f
Sha256: 6b6ec03e0ee29280cd0ee564ed30403a1152352ccc4314bb0689aa59be40d8d5
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 16:08:55 GMT
cache-control: public,max-age=3600
age: 3231
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2824
Cache-Control: max-age=147072
Date: Mon, 28 Nov 2022 17:02:47 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:53:59 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rIhYup88q12n42O5IffbDw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.203.75.56
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PLIBRIyIsMHT1sPD236vCnEaa1c=

                                        
                                            GET / HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Mon, 28 Nov 2022 17:02:47 GMT
Set-Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; expires=Mon, 12-Dec-2022 17:02:47 GMT; Max-Age=1209600; path=/ XSRF-TOKEN=eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9; expires=Mon, 12-Dec-2022 17:02:47 GMT; Max-Age=1209600; path=/ PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; expires=Mon, 12-Dec-2022 17:02:47 GMT; Max-Age=1209600; path=/; httponly
X-Host: grn83.sf2p.intern.weebly.net
X-Revision: aba69181966a1a9229b2f5527bc29ef4864d9bed
X-Request-ID: fc36f034d8af54317b68afaee2b28787
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20952)
Size:   9240
Md5:    c161ef4b6f6bdf4370071919036280a5
Sha1:   a8db40674fe8c7568d51ebc474c8aca9b2cc4039
Sha256: 0b1b1015573851bebf39b1163306f6e469dfa5acd7c694c9c3197802d17b0511

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q3 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 17:02:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F9B0BA749866C420FFB098B7C75EF13B35C6CB49"
Expires: Tue, 29 Nov 2022 04:00:00 GMT
Last-Modified: Mon, 28 Nov 2022 16:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1473
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7714ac5c08ecb51b-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    190f8181cfc8dcc1df695134165b66b4
Sha1:   1583541993130f97ec75d82bbd1ffcdd7a3afe1f
Sha256: b37394886eb6e32269bad101d7b2ab16cc8f8a9af8398fcf02294d009a1554db
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q3 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 17:02:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F9B0BA749866C420FFB098B7C75EF13B35C6CB49"
Expires: Tue, 29 Nov 2022 04:00:00 GMT
Last-Modified: Mon, 28 Nov 2022 16:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1473
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7714ac5c0c61b4f4-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    190f8181cfc8dcc1df695134165b66b4
Sha1:   1583541993130f97ec75d82bbd1ffcdd7a3afe1f
Sha256: b37394886eb6e32269bad101d7b2ab16cc8f8a9af8398fcf02294d009a1554db
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.245.39
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93850
Date: Mon, 28 Nov 2022 17:02:48 GMT
Etag: "6383a1a3-1d7"
Expires: Tue, 29 Nov 2022 19:06:58 GMT
Last-Modified: Sun, 27 Nov 2022 17:42:59 GMT
Server: ECS (bsa/EB23)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q1yjwKGtQ9F7dZA7CdyPEsAGSrhwoXbKpiXQUZE69sZ7d7zNLM8irg==
Age: 5039

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.245.39
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=91071
Date: Mon, 28 Nov 2022 17:02:48 GMT
Etag: "6383a1a3-1d7"
Expires: Tue, 29 Nov 2022 18:20:39 GMT
Last-Modified: Sun, 27 Nov 2022 17:42:59 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9KN3TBFxnNdKDdDU2DOEcF1ZvlTqlLL8z8G-LLJuawf2HkuyYX8PjQ==
Age: 2260

                                        
                                            OPTIONS /com.snowplowanalytics.snowplow/tp2 HTTP/1.1 
Host: ec.editmysite.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://att-101700.square.site/
Origin: https://att-101700.square.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.214.185.169
HTTP/2 200 OK
                                        
date: Mon, 28 Nov 2022 17:02:48 GMT
content-length: 0
server: nginx
access-control-allow-origin: https://att-101700.square.site
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 600
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5480
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 17:02:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5480
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 17:02:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5480
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 17:02:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5480
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 17:02:48 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 68492
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9430
Md5:    1f434933b5bd6377d299ada22d1ae7ef
Sha1:   075531f525e625b117b2497f31139c9824d0e9c5
Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZJu4cMNnQTavxqB1MnRFluzfZC59BcUnIHgXh9h6LJWYgsFL83rHoQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 16:15:25 GMT
age: 2843
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8817
Md5:    741ddfb19764ac9a77509e7e87cfbfb2
Sha1:   308c08784ce4a0757cbd112807555b83e17a1d56
Sha256: e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 31869
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8885
Md5:    3a1a4e00f1f15827cf651f373863c379
Sha1:   70c2a238f06ca7e56ef80c83738e081bf0de3330
Sha256: 3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9546
x-amzn-requestid: 60e352b5-ab38-4975-bf26-500f0a639a2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFfulExwIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637edff6-1364912f7fd292da6453a83e;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 03:07:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qtRAIXoswvTgNWZzaQE1WHZQXoJRtK9nKpusFtXH3pDRHH_DZtsLFw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 11:59:09 GMT
age: 18219
etag: "373c96c2e0006d70954d4b4ebd850f62f558e92c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9546
Md5:    9a6e5f60b87d3879606a6707feb37a73
Sha1:   373c96c2e0006d70954d4b4ebd850f62f558e92c
Sha256: 1ae48f692f44d357e21eec708b46f22c36a3de21be8d0f1c2035d197e0aa89de
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 68482
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6376
Md5:    78b1389f425425d0450c94d900404dc4
Sha1:   53b12a8702f7c5b7cc697e2a24da824d9434be65
Sha256: 0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 69065
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10199
Md5:    2cd887044e91d7ed0f1a8d7119ff7dd0
Sha1:   ae8aa4ce6ddaccba771fe65446926b60fc5628da
Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
                                        
                                            POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1 
Host: ec.editmysite.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 1941
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: sp=5e23c2a9-10f9-4327-bd97-713402375c0e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.214.185.169
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
                                        
date: Mon, 28 Nov 2022 17:02:48 GMT
content-length: 2
server: nginx
set-cookie: sp=5e23c2a9-10f9-4327-bd97-713402375c0e; Expires=Tue, 28 Nov 2023 17:02:48 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://att-101700.square.site
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            POST /api/1263158/envelope/?sentry_key=13e49d785d8d4f828038b6136f3b48ba&sentry_version=7 HTTP/1.1 
Host: sentry.io
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://att-101700.square.site/
Content-Type: text/plain;charset=UTF-8
Origin: https://att-101700.square.site
Content-Length: 429
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.188.42.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx
Date: Mon, 28 Nov 2022 17:02:48 GMT
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: https://att-101700.square.site
access-control-expose-headers: x-sentry-error, retry-after, x-sentry-rate-limits
vary: Origin
x-envoy-upstream-service-time: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            POST /ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getSquareStoreConfig] HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
X-XSRF-TOKEN: eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9
Content-Length: 78
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654967.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Mon, 28 Nov 2022 17:02:48 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu95.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 894
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (894), with no line terminators
Size:   894
Md5:    099f219cf33df3143cfd5b2d398d2e89
Sha1:   ffd412c4392b54f30b157617676cf156355dfae0
Sha256: 093724d4a1b2f10972e43a9fc532fb16db1ee8f8b4fc41c922b430547fc1dbe4

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            GET /uploads/b/760c4ac0-6e8c-11ed-97ee-11fd02598509/icon_180x180_ios_NzgxMD.png?width=180 HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654967.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: image/webp
                                        
Server: nginx
Date: Mon, 28 Nov 2022 17:02:49 GMT
Content-Length: 618
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Etag: "/2nJruhejxnNWPbRmWrgXtk/BKN/yIhTCz91GMNChpk"
Fastly-Io-Info: ifsz=1204 idim=180x180 ifmt=png ofsz=618 odim=180x180 ofmt=webp
Fastly-Stats: io=1
Fastly-Transform-Stats: tus=1080 cr=1.95
X-Amz-Request-Id: tx0000000000000355d16e0-006378b4a0-c699baa-sfo1
X-Rgw-Object-Type: Normal
X-Storage-Bucket: ze59f
X-Storage-Object: e59f093f99316f01afa70e44634fa696e85a1edddbbd233126ea5883ed0f3c54
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 218
X-Served-By: cache-sjc10064-SJC, cache-pao17456-PAO
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1669654969.126236,VS0,VE3
Vary: Accept
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: grn14.sf2p.intern.weebly.net


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   618
Md5:    0fca3821cc22806c4ee4200e628027ca
Sha1:   023880c98e67f02331f67945b30d687eb07d526a
Sha256: 53d23bd4d67eb877f60c6444be7d2db8b7c0d894b1fdfd714c3463f85686c333

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            POST /ajax/api/JsonRPC/Commerce/?Commerce/[ABTestSegmentation::getTestSegments] HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
X-XSRF-TOKEN: eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9
Content-Length: 83
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654967.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Mon, 28 Nov 2022 17:02:49 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: grn81.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 201
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   201
Md5:    bbf985fd86ef8add09a38860a98def2f
Sha1:   2804fa968da1e1b8be4b6f150438e45f4150d3c0
Sha256: 236153652c6f09415db4ee8f8b9a98827da5987a001a136d94d87f401ef6f160

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            GET /app/website/cms/api/v1/users/144000660/customers/coordinates HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-XSRF-TOKEN: eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654967.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Mon, 28 Nov 2022 17:02:49 GMT
Set-Cookie: websitespring-xsrf=eyJpdiI6ImZIVjNaQ1U2dURrY1FoWThIQkNWN3c9PSIsInZhbHVlIjoiTzBmOWQzY3AycW9xT1l3ZkpVZGtxSjhxdGlTS2RvbkxrRzdkamozNVlycjNpVUVkY0hYd3I4ZmpFaWFLMVh1YVpIcjdTQlZ0T3RSakpcL2h2R0dBWDNsV3YyXC8ydldoWEQ2MXEwTG1pOTA0bG9vcnl3ZDNPeTBPZGdBZm9KRmhsViIsIm1hYyI6ImJmYzk3ZTRmMjQwNjE1YjUwNWMzMWQzNDlmMWY0ODU1Yzg1MTE1NTJjMjdmNjc4ZWFlM2FiNDExZThiODhkYmMifQ%3D%3D; expires=Mon, 12-Dec-2022 17:02:49 GMT; Max-Age=1209600; path=/ XSRF-TOKEN=eyJpdiI6IjRoUTdaYUdJYkVYaWlaUldOb1lOVmc9PSIsInZhbHVlIjoiZW1ocENBOW02QzlWN0sxVTcxNFdJZ1o4VW96S0JGaTI5bm4yRlp3K1lYQXFETU94QlhTWGk2d25JRGMzd0xOdHJDMWZNaEwybUlodGpRRDU4dzYzdVBJcm55dEM4UFwvTStzUXQ4U0x6d0pvRUE3a01YWDF6eWFRZWhjU3JBN0ZKIiwibWFjIjoiNzQ3ODg2YmE3NjY4YzI2OTNmZTY4Zjg4NTk2YzNlOGJlZGIwMGMzMmNjNGRjNTlmMjY2MDU2Y2UwNGM0YmE1YSJ9; expires=Mon, 12-Dec-2022 17:02:49 GMT; Max-Age=1209600; path=/
X-Host: grn43.sf2p.intern.weebly.net
X-Revision: aba69181966a1a9229b2f5527bc29ef4864d9bed
X-Request-ID: a85eb862db4bc5e4ad5eda8a05a8db9f
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   70
Md5:    9752b06c768724a72741cf9388713596
Sha1:   3c05993fc47e53d1edaa9c03779565a7753f3a61
Sha256: 1d97b677c782c9ae57c8b4dcb6afd88a8068ea3cd133a00cf1050dfe0b4d835c

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1 
Host: ec.editmysite.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 2381
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: sp=5e23c2a9-10f9-4327-bd97-713402375c0e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.214.185.169
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
                                        
date: Mon, 28 Nov 2022 17:02:49 GMT
content-length: 2
server: nginx
set-cookie: sp=5e23c2a9-10f9-4327-bd97-713402375c0e; Expires=Tue, 28 Nov 2023 17:02:49 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://att-101700.square.site
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            GET /square.ico HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6Ilk3SHlOSEY5ZVRuWFhnV2g2R1Q3Z2c9PSIsInZhbHVlIjoibE1EWHZmUWNWUlwvWDZaZkFka1FoTFhzeTF0b3VqT3prZ3Q4SCtta2prd29uNk41ZjV5SUlDa3c1TlkyS3dIWVJwQmg5QkgrRjdRNWFlTk8xQTl0MXJLaDh2UEUxV3kxcjJLUnpMSUlyZ296OGdXRkxibTRzWUZRTlY2bFFuU1A0IiwibWFjIjoiMmUxMmNiMDgyNjJjMTZjZTUyYTg0ZDcyNDg1ZTk3ZmZjMDkxMTM3ZWU1NDhmZGI5MWIzNmMzMjJhNDc0ZjBiNSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654967.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Mon, 28 Nov 2022 17:02:49 GMT
Content-Length: 6518
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2019 14:51:59 GMT
x-rgw-object-type: Normal
ETag: "d810985ef4dc1c0bd5811e36d13c8ca3"
x-amz-request-id: tx000000000000001af9993-00628473f6-b9fbc29-sfo1
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: grn144.sf2p.intern.weebly.net
X-Revision: aba69181966a1a9229b2f5527bc29ef4864d9bed
X-Request-ID: bba184f0449b3bc3c1ceb8fa498abe8f


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   6518
Md5:    d810985ef4dc1c0bd5811e36d13c8ca3
Sha1:   2b45bb77c68c937af6a2d9854dc82301526473aa
Sha256: 770e0889aefd823056c7cdbb066a445be0f0754c1b4d4cba877e120fdbcb63e6

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5932
Cache-Control: max-age=144759
Date: Mon, 28 Nov 2022 17:02:49 GMT
Etag: "63846504-1d7"
Expires: Wed, 30 Nov 2022 09:15:28 GMT
Last-Modified: Mon, 28 Nov 2022 07:36:36 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1 
Host: ec.editmysite.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 1840
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: sp=5e23c2a9-10f9-4327-bd97-713402375c0e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.214.185.169
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
                                        
date: Mon, 28 Nov 2022 17:02:49 GMT
content-length: 2
server: nginx
set-cookie: sp=5e23c2a9-10f9-4327-bd97-713402375c0e; Expires=Tue, 28 Nov 2023 17:02:49 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://att-101700.square.site
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            GET /uploads/b/d1931f7e21d78a1d7cefb06ab900da127890cff7e39c7a6f748ec5e47a358b9e/CURRENTLY_1669578665.png?width=400 HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjRoUTdaYUdJYkVYaWlaUldOb1lOVmc9PSIsInZhbHVlIjoiZW1ocENBOW02QzlWN0sxVTcxNFdJZ1o4VW96S0JGaTI5bm4yRlp3K1lYQXFETU94QlhTWGk2d25JRGMzd0xOdHJDMWZNaEwybUlodGpRRDU4dzYzdVBJcm55dEM4UFwvTStzUXQ4U0x6d0pvRUE3a01YWDF6eWFRZWhjU3JBN0ZKIiwibWFjIjoiNzQ3ODg2YmE3NjY4YzI2OTNmZTY4Zjg4NTk2YzNlOGJlZGIwMGMzMmNjNGRjNTlmMjY2MDU2Y2UwNGM0YmE1YSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654969.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714; websitespring-xsrf=eyJpdiI6ImZIVjNaQ1U2dURrY1FoWThIQkNWN3c9PSIsInZhbHVlIjoiTzBmOWQzY3AycW9xT1l3ZkpVZGtxSjhxdGlTS2RvbkxrRzdkamozNVlycjNpVUVkY0hYd3I4ZmpFaWFLMVh1YVpIcjdTQlZ0T3RSakpcL2h2R0dBWDNsV3YyXC8ydldoWEQ2MXEwTG1pOTA0bG9vcnl3ZDNPeTBPZGdBZm9KRmhsViIsIm1hYyI6ImJmYzk3ZTRmMjQwNjE1YjUwNWMzMWQzNDlmMWY0ODU1Yzg1MTE1NTJjMjdmNjc4ZWFlM2FiNDExZThiODhkYmMifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: image/webp
                                        
Server: nginx
Date: Mon, 28 Nov 2022 17:02:49 GMT
Content-Length: 5148
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Etag: "cwYdM3OH7gCtXLBAptLHUgJ9uZomOj/7109MRR/xNkw"
Fastly-Io-Info: ifsz=6045 idim=391x129 ifmt=png ofsz=5148 odim=391x129 ofmt=webp
Fastly-Stats: io=1
Fastly-Transform-Stats: tus=10116 cr=1.17
X-Amz-Request-Id: tx00000000000002c3b189b-00636af542-c67eadd-sfo1
X-Rgw-Object-Type: Normal
X-Storage-Bucket: z0298
X-Storage-Object: 0298f72012c38397647c5517ac80177761fdfda418bdf65c100fb45fe3b278d1
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 218
X-Served-By: cache-sjc10033-SJC, cache-pao17461-PAO
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1669654970.976237,VS0,VE1
Vary: Accept
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: grn155.sf2p.intern.weebly.net


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   5148
Md5:    515659da3ba10f691eb84b94235a8c63
Sha1:   14a6bf8ad725f9a89aba6ec9e145d95042b70fb7
Sha256: 7ed443255c00aa370d31226d919fe612d9ffc8a0e01daa9a52e4aae58e23f6c4
                                        
                                            POST /ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::getCurrentOrder] HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Client-Application-Name: website
X-XSRF-TOKEN: eyJpdiI6IjRoUTdaYUdJYkVYaWlaUldOb1lOVmc9PSIsInZhbHVlIjoiZW1ocENBOW02QzlWN0sxVTcxNFdJZ1o4VW96S0JGaTI5bm4yRlp3K1lYQXFETU94QlhTWGk2d25JRGMzd0xOdHJDMWZNaEwybUlodGpRRDU4dzYzdVBJcm55dEM4UFwvTStzUXQ4U0x6d0pvRUE3a01YWDF6eWFRZWhjU3JBN0ZKIiwibWFjIjoiNzQ3ODg2YmE3NjY4YzI2OTNmZTY4Zjg4NTk2YzNlOGJlZGIwMGMzMmNjNGRjNTlmMjY2MDU2Y2UwNGM0YmE1YSJ9
Content-Length: 89
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjRoUTdaYUdJYkVYaWlaUldOb1lOVmc9PSIsInZhbHVlIjoiZW1ocENBOW02QzlWN0sxVTcxNFdJZ1o4VW96S0JGaTI5bm4yRlp3K1lYQXFETU94QlhTWGk2d25JRGMzd0xOdHJDMWZNaEwybUlodGpRRDU4dzYzdVBJcm55dEM4UFwvTStzUXQ4U0x6d0pvRUE3a01YWDF6eWFRZWhjU3JBN0ZKIiwibWFjIjoiNzQ3ODg2YmE3NjY4YzI2OTNmZTY4Zjg4NTk2YzNlOGJlZGIwMGMzMmNjNGRjNTlmMjY2MDU2Y2UwNGM0YmE1YSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654969.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714; websitespring-xsrf=eyJpdiI6ImZIVjNaQ1U2dURrY1FoWThIQkNWN3c9PSIsInZhbHVlIjoiTzBmOWQzY3AycW9xT1l3ZkpVZGtxSjhxdGlTS2RvbkxrRzdkamozNVlycjNpVUVkY0hYd3I4ZmpFaWFLMVh1YVpIcjdTQlZ0T3RSakpcL2h2R0dBWDNsV3YyXC8ydldoWEQ2MXEwTG1pOTA0bG9vcnl3ZDNPeTBPZGdBZm9KRmhsViIsIm1hYyI6ImJmYzk3ZTRmMjQwNjE1YjUwNWMzMWQzNDlmMWY0ODU1Yzg1MTE1NTJjMjdmNjc4ZWFlM2FiNDExZThiODhkYmMifQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Mon, 28 Nov 2022 17:02:49 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: grn84.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 182
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   182
Md5:    6f6b6b81dd3714cd388808342e960a10
Sha1:   f34bc92a2c7a4dfe56bd6f069ad601e6a61e3b61
Sha256: 2eb22bb7b96aaee11236fcf99e822ede29d3a2ddf2d6f019bb70005b5a1540ef

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            POST /api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-aba6918&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=a8c72f77-8df7-46f0-8ce6-42a6671e5670&batch_time=1669654968966 HTTP/1.1 
Host: rum.browser-intake-datadoghq.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 16259
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         3.233.153.110
HTTP/2 202 Accepted
content-type: application/json
                                        
date: Mon, 28 Nov 2022 17:02:50 GMT
content-length: 53
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=15724800;
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   53
Md5:    31599b115e312e4fecd3b3c2f236ff65
Sha1:   9013ecdc96eca17280e5f4f2c9ccffa9a8f7784d
Sha256: f15c76ae9b2f803a865137d601a3fda4fc490853dcf2f3390be7c69be3f9bcf0
                                        
                                            POST /ajax/api/JsonRPC/Commerce/?Commerce/[Checkout::hasCouponsAvailable] HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Client-Application-Name: website
X-XSRF-TOKEN: eyJpdiI6IjRoUTdaYUdJYkVYaWlaUldOb1lOVmc9PSIsInZhbHVlIjoiZW1ocENBOW02QzlWN0sxVTcxNFdJZ1o4VW96S0JGaTI5bm4yRlp3K1lYQXFETU94QlhTWGk2d25JRGMzd0xOdHJDMWZNaEwybUlodGpRRDU4dzYzdVBJcm55dEM4UFwvTStzUXQ4U0x6d0pvRUE3a01YWDF6eWFRZWhjU3JBN0ZKIiwibWFjIjoiNzQ3ODg2YmE3NjY4YzI2OTNmZTY4Zjg4NTk2YzNlOGJlZGIwMGMzMmNjNGRjNTlmMjY2MDU2Y2UwNGM0YmE1YSJ9
Content-Length: 77
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjRoUTdaYUdJYkVYaWlaUldOb1lOVmc9PSIsInZhbHVlIjoiZW1ocENBOW02QzlWN0sxVTcxNFdJZ1o4VW96S0JGaTI5bm4yRlp3K1lYQXFETU94QlhTWGk2d25JRGMzd0xOdHJDMWZNaEwybUlodGpRRDU4dzYzdVBJcm55dEM4UFwvTStzUXQ4U0x6d0pvRUE3a01YWDF6eWFRZWhjU3JBN0ZKIiwibWFjIjoiNzQ3ODg2YmE3NjY4YzI2OTNmZTY4Zjg4NTk2YzNlOGJlZGIwMGMzMmNjNGRjNTlmMjY2MDU2Y2UwNGM0YmE1YSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654969.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714; websitespring-xsrf=eyJpdiI6ImZIVjNaQ1U2dURrY1FoWThIQkNWN3c9PSIsInZhbHVlIjoiTzBmOWQzY3AycW9xT1l3ZkpVZGtxSjhxdGlTS2RvbkxrRzdkamozNVlycjNpVUVkY0hYd3I4ZmpFaWFLMVh1YVpIcjdTQlZ0T3RSakpcL2h2R0dBWDNsV3YyXC8ydldoWEQ2MXEwTG1pOTA0bG9vcnl3ZDNPeTBPZGdBZm9KRmhsViIsIm1hYyI6ImJmYzk3ZTRmMjQwNjE1YjUwNWMzMWQzNDlmMWY0ODU1Yzg1MTE1NTJjMjdmNjc4ZWFlM2FiNDExZThiODhkYmMifQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Mon, 28 Nov 2022 17:02:49 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu65.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 79
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   79
Md5:    26e70d9925604cbe0c7e866fc54d87f4
Sha1:   ef5b3fb91cf2534cbf57806d14b21f0a5ae5c259
Sha256: c0e7b562566962eced45cdf3319b692c55f3df7c3c6d39436a9d21bae2d2e049

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing
                                        
                                            POST /api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.21.2%2Cenv%3Aproduction%2Cservice%3Asquare-online-buyer-journey%2Cversion%3Aprime-aba6918&dd-api-key=pubc0f9d721a4f01e74b0453dd99e44a542&dd-evp-origin-version=4.21.2&dd-evp-origin=browser&dd-request-id=337725d8-4fa5-4e46-acf6-a74ed8347c9b&batch_time=1669654969148 HTTP/1.1 
Host: rum.browser-intake-datadoghq.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 16147
Origin: https://att-101700.square.site
Connection: keep-alive
Referer: https://att-101700.square.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         3.233.153.110
HTTP/2 202 Accepted
content-type: application/json
                                        
date: Mon, 28 Nov 2022 17:02:50 GMT
content-length: 53
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=15724800;
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   53
Md5:    9733835a297f338d68380ab9b7757756
Sha1:   7664af08c77530600b3b3562366d81b8a0007c0b
Sha256: 9a586a71284e3a7e43f9016d5a80a3c521bb34495047fe4ac8b2ab7873423dc4
                                        
                                            GET /app/website/square.ico HTTP/1.1 
Host: att-101700.square.site
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://att-101700.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6Ik9DQ2l2cUhkdFwvakpqWWNJckhUelRRPT0iLCJ2YWx1ZSI6InY1RHVQVTNsWXJMSDVxeEhGQVREdjlkU01nTW5vOVNFdXhuOFhsRU1rd1Nmb3BiTDIrZW56Tk1tY3lNM2pTdTJFKzVCeXBvZWJhdDBSWmpvZjI0VnhQQ05vVkI4YVM5RldRZStHdzd6UFM1ZXUrbWI3QUhcL0dpSFYybVFmcGpuRyIsIm1hYyI6ImYzMTFmMDliMDljZjhhYTdhMGEyNTJiNDE3YzNlMjA1MjJkNGYxYTAxMzBkNDlkMmFkMzY0NzU3ZWRkMzAyZGYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IjRoUTdaYUdJYkVYaWlaUldOb1lOVmc9PSIsInZhbHVlIjoiZW1ocENBOW02QzlWN0sxVTcxNFdJZ1o4VW96S0JGaTI5bm4yRlp3K1lYQXFETU94QlhTWGk2d25JRGMzd0xOdHJDMWZNaEwybUlodGpRRDU4dzYzdVBJcm55dEM4UFwvTStzUXQ4U0x6d0pvRUE3a01YWDF6eWFRZWhjU3JBN0ZKIiwibWFjIjoiNzQ3ODg2YmE3NjY4YzI2OTNmZTY4Zjg4NTk2YzNlOGJlZGIwMGMzMmNjNGRjNTlmMjY2MDU2Y2UwNGM0YmE1YSJ9; PublishedSiteSession=eyJpdiI6IlFFN2JcLzdUalN4NXY1N2EzZ1BTbDFBPT0iLCJ2YWx1ZSI6IjduMndkRlwvcjYxdG5acWZWb1ZtSlFjMEZPMkx1UG1YUjBtanVlU1ByamgwNVdIRkU3aXpuZmlvbDJZRnd6QU5cL1g3SVB3azY0YzI4TXlkNU1KQXhFTUhEdVUzSUJMeE9pS3FGYk5yZWpJUGJFTTh4dTFDYW1KYW02TFBMQUdER24iLCJtYWMiOiIxNjA0OTE1M2JjMmM5OGEwNzk1MWRiNjVkOWFlYTE2MDM3Y2ZjMzA1YTU4ODljNTE3OWZjMzFiZjBmNzI1MDVhIn0%3D; _snow_ses.5a89=*; _snow_id.5a89=7e271aae-b8ff-4d6f-8b56-1195c6f9cb2d.1669654967.1.1669654969.1669654967.359f8104-5754-4108-bd81-d477fd1c57d8; _dd_s=rum=1&id=2335e520-13dc-4f72-ba36-1112292dfb85&created=1669654967714&expire=1669655867714; websitespring-xsrf=eyJpdiI6ImZIVjNaQ1U2dURrY1FoWThIQkNWN3c9PSIsInZhbHVlIjoiTzBmOWQzY3AycW9xT1l3ZkpVZGtxSjhxdGlTS2RvbkxrRzdkamozNVlycjNpVUVkY0hYd3I4ZmpFaWFLMVh1YVpIcjdTQlZ0T3RSakpcL2h2R0dBWDNsV3YyXC8ydldoWEQ2MXEwTG1pOTA0bG9vcnl3ZDNPeTBPZGdBZm9KRmhsViIsIm1hYyI6ImJmYzk3ZTRmMjQwNjE1YjUwNWMzMWQzNDlmMWY0ODU1Yzg1MTE1NTJjMjdmNjc4ZWFlM2FiNDExZThiODhkYmMifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         199.34.228.39
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Mon, 28 Nov 2022 17:02:50 GMT
Content-Length: 6518
Connection: keep-alive
Last-Modified: Tue, 02 Apr 2019 14:51:59 GMT
x-rgw-object-type: Normal
ETag: "d810985ef4dc1c0bd5811e36d13c8ca3"
x-amz-request-id: tx000000000000001a88764-00628473fc-b9fbc20-sfo1
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Host: blu128.sf2p.intern.weebly.net
X-Revision: aba69181966a1a9229b2f5527bc29ef4864d9bed
X-Request-ID: b3db72729a326dc2b3cd63e835f1887c


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   6518
Md5:    d810985ef4dc1c0bd5811e36d13c8ca3
Sha1:   2b45bb77c68c937af6a2d9854dc82301526473aa
Sha256: 770e0889aefd823056c7cdbb066a445be0f0754c1b4d4cba877e120fdbcb63e6

Alerts:
  Blocklists:
    - openphish: AT&T Inc.
    - fortinet: Phishing